Podcast: Play in new window | Download

Subscribe: RSS

July is Ransomware Awareness Month

10 Things You Need to Do to Avoid a Ransomware Attack/Data Breach

Ransomware is the scourge of the internet, and one of the biggest threats to small businesses all over the world, but what can we do? Well, it starts with awareness and education.

We recorded this podcast to raise awareness and help business owners combat ransomware, data breaches, and all that comes along with it. There are 10 Steps to protecting your business and preventing a ransomware attack/data breach.

You’re probably thinking why is a podcast about social engineering and human psychology talking about ransomware? Well, more than 90% of all cyber attacks begin with phishing, one of the most prevalent forms of social engineering today.

We also recorded a YouTube presentation to go along with this. You can view it here.

Transcription

People are the weakest link in any cybersecurity plan. We’re distracted, exhausted and often unmotivated. It’s time to change the approach used to protect our businesses, technology, identity and data. The human element has to be front and center in the war against data breaches and ransomware attacks, it’s time to educate.

was probably 10 or 12 years ago, when I got a call from my mom, my wife’s brother, I think it was my was brother, my brother in law about his uncle’s computer having a screen on it saying that the FBI had seized his computer and was demanding a payment of $200. The uncle was ready to pay the $200. And young kids who needed the computer for schoolwork. He was ready to pay that $200 didn’t think it was a big deal, was concerned about whatever it is that the FBI had seized his computer for, but thought too, and it was not that big of a deal. This was a ransomware attack. This was the early days of ransomware attacks, they would commandeer single user computers and put up the screen saying the FBI sees a computer or something similar and demand a payment of a couple $100. And it worked for a little while. Then the ransomware attackers got greedy and said, You know what if we can get these consumers to pay a couple $100, we can get these businesses to pay 10s of 1000s. And in some case, millions of dollars. And they’ve succeeded and it has become the scourge of the internet. It is ransomware Awareness Month. So we put this special podcast together. It is also a YouTube video on the watch tech YouTube channel. So there will be a link in the show notes. And all we’re hoping to do with this is to prevent you from being a victim of a ransomware attack in your business. So have a listen. And leave us some feedback. Welcome to the human element podcast, visit our website at the human element dotnet for more content to help you strengthen your awareness of the people problem in cybersecurity. I am Scott Gombar. Owner and Washtech a client focused security minded proactive IT service provider. All right, everyone. Scott Gombar owner and watch Tech, we are a client focused security minded proactive IT service provider. July 1 ransomware awareness month, July is ransomware Awareness Month. And as I’m recording this tomorrow is July 1 2023. And the ransomware problem is not getting better, it is getting far worse. So we thought why not put a presentation together. And while we’re doing that we can record for both, and watch tech YouTube channel and all of their social media prop properties and the human element podcast that I host. So critical stuff going to get into here. Sit back and hopefully by the end of this presentation and podcast, you’ll know what to do to protect your business and your identity, your clients data, all of that just a little bit better. That’s the goal here. So first of all, you have to understand what ransomware is. Ransomware is a type of bad software or malware, malicious software, to hackers. And again, as you’ve heard me say in the podcast, if you listen to the podcast, I do not like the word hackers but so we’re going to use cyber criminals used to sneak into your computer. Once inside, it locks up your locks up or encrypts your files, making them unusable. So they would be encrypted, you’ll try to open it and you will not open. It will tell you you need the decryption key in order to open it. Now once they’ve done this, once they’ve gotten access to your computer, they may stay there for a while. And they may do some other nefarious things to jump around from computer to computer server to server, whatever, steal some information, steal some of your employees info, a lot of nasty stuff. But then they will also steal your clients data, the data that you host for your clients because they are clients of yours. And then they will use that to extort you. They will say pay us some money or we’re going to sell it on the dark web and we’re going to tell your clients we have your data The whole world will find out that your data is with us. Think of it as a burglar getting into your house, putting all your valuables into safety and changing the combination, your stuff is still there, but you can’t access it. That’s the first phase. The second phase is we’re going to take that stuff, stuff that doesn’t belong to you. And we’re going to sell it and we’re going to tell those people that it belongs to that we sold it, and we took it from you, because you didn’t do a good job protecting it. That’s essentially what they do now. Ransomware Awareness Month. That’s what we’re here for. Let’s go fishing 90% of all, cyber attacks begin with Phishing. Phishing, as we’ve talked about numerous times on the YouTube channel and on the human element. Podcast, phishing is a method of exactly what it sounds like, except instead of fish, they’re going after you and they’ll send you emails, text messages, social media posts, or social media messages, phone calls, all kinds of ways to try to hook you in as bait with B and then eventually run run rampant with ransomware. As the ultimate goal. It’s not getting any better. The data breach investigation report by Verizon comes out every year, says there was a 13% rise in ransomware attacks year over year from 2021. So the last two years 13% increase, this rise is greater increase than previous five years combined. So while everybody talks about doing away with ransomware, it’s not going anywhere. One of the primary reasons for that is it makes money, a lot of money for a lot of people. STATISTICA says that 71% of all global businesses felt the impact of ransomware trends, a total of 62.9% 63%, or almost two thirds of the ransomware victims paid the ransom. Now keep in mind is ransomware demands are usually in the 10s of 1000s, hundreds of 1000s. And in some case, millions and 10s of millions, depending on they know their target, they know who they’re going after. So when they targeted the health administration in Ireland, for I don’t remember the exact title of the administration, but it was the health administration in Ireland, they wanted $50 million. When they attack the Colonial Pipeline, I think they demand a $10 million or somewhere in that range. So they know their target, they know what they’re going to what they’re capable of getting. And that’s what they’re going to ask for. The industry is most targeted education, finance, government, healthcare and tech. Tech, for obvious reasons you go after one of us, you probably going to get access to a bunch of clients in the process. education, finance, government and health care, or high level high value targets. Healthcare Information, is the single most valuable piece of information on the dark web. So that is why it is highly targeted. We talked about on a previous video, there’s a video up already on the watch tech YouTube channel about why health care information is so valuable. One of the reasons is because it usually includes more information than personally identifiable information. So

your healthcare information, these health care providers need to do a better job protecting it.

So what can you do? stressed, you’re overworked, you’re exhausted, you’re not sure what to do to protect your clients data. Because at the end of the day, it is about customer service. If you’re not doing your part and protecting your clients data, you’re not doing a good job taking care of your customers. That is ultimately the goal here. If you lose your clients data gets encrypted. Whatever incident happens, have you done a good job taking care of your customers? If it was you on the receiving end of that? Notice, because you do have to provide notice now that if you hit with a data breach or ransomware attack, and it’s usually a combination of both, you do have to provide notice that you were hit with a ransomware attack and data breach. So what can you do? So I’ve got 10 things here that we can do to help improve the chances that we do not fall victim to ransomware attack or if we do our chances of recovering without having to pay a ransom. There is I believe legislation to make it a criminal act to pay a ransom demand and I don’t know if criminals the right word, but I believe there is there is potential legislation to prevent businesses from paying a ransom demand and you’re already supposed to report it so need to get our act together and learn to work together to try to prevent the scourge from from getting even worse. So the first thing have a backup plan, your data needs to get backed up. And it cannot just be backed up to an external hard drive connected to the same computer that you’re using every day, or the server that you use every day, it needs to have some level of security today. So regularly backup all important data and verify its integrity. And that means, you know, occasionally, every couple of months, maybe try to restore, make sure that the data looks good. This ensures that even if your system is compromised, you can still recover your data without paying the ransom. And you should also do this, a lot of us are using Office 365 Or Google workspace now for email, you should be backing out up, backing up, SharePoint OneDrive, whatever you can backup and use to get backed up. Dropbox. Use the three to one method three backups on two different media. So you could have a local backup on a NAS or on another drive another computer somewhere that has a password to it. And then at least one off site that’s typically going to be cloud. So I have some clients that are doing two or three cloud backups. Education is critical. This is if there’s one piece of advice I can tell you is the most important is this train your staff educate your staff about the dangers and this is everybody from sea level down of phishing emails and suspicious websites many ransomware attacks start with a simple click on a malicious link. It’s all it takes or download, download a document and you’re gonna see some of that in a moment. If we’re not constantly providing information to our team from from top down, we are setting ourselves up for failure. Trust no one. Use updated security software regularly updating your security software can protect against known types of ransomware. Make sure your antivirus software is set to automatically update and perform regular scans implement a zero trust policy. Zero trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside its promote perimeters, and instead must verify anything and everything trying to connect to its systems before granting access. So in other words, you cannot approve an application just willy nilly it has to be approved by someone who can check the validity of that application whether or not it’s malware, and take the appropriate course of action. In simpler terms, zero trust means never trust. Always verify. That is zero trust. That’s what we use here in Washtech. Applications are whitelisted as needed. And if they’re not whitelisted, then you’re going to need to get approval before installing. And that includes things like Google Chrome, add ons and Firefox add ons and plugins and pretty much everything that’s out there. Patch In Update, keep systems updated always install updates and patches for your operating system and applications as soon as they become available. These updates often fix security vulnerabilities that ransomware could exploit. Every month Microsoft has Patch Tuesday, and usually there’s four or five, zero days or critical patches that might already be exploited. And so those need to get patched now this in the notes I said as soon as they are available. I usually tests first. So test on test system for wait a few days make sure it’s not breaking anything because sometimes those patches break things and it’s happened almost every month this year that something was broken. So wait a few days in in patch, don’t wait months. That’s very dangerous but a few days. Typically we are three days after patch Tuesday we push out the patches have tested it would push them on. Implement access controls, limit the access of your employees to your network only provide access to those files and directories that are absolutely necessary for their work. So the Secretary should not have access to sensitive financial documents. The different departments you know if you’re in marketing, you should not have access to the accounting department. If you’re in healthcare and you work the front desk you shouldn’t have access to patient files you are limited access just to check in and all of these things should be in play. I can’t tell you how many times I’ve read about health care provider who an employee had unlimited access unlimited range into healthcare records and stole that patient stole patient information and in some cases sold it or used it for some other nefarious purpose. So these are all things that we need to be careful of only give access to what they are needed to have access to use a firewall. A robust firewall can stop many ransomware attacks before they infiltrate your network, configure your firewall to block access to known malicious IP addresses. There’s more than one way to do this. And so we’re going to so there’s the firewall and then we’re going to talk about another method in a moment. You may also depending on your your setup, you may want to have

you want to you may want to make sure that not everything is accessible via the internet. And really realistically, almost nothing should be one of the first things we do when we go into a business a new client is removed, we remove all remote access software. So first of all turn off Remote Desktop Protocol, if it’s exposed to the internet should not be at all. And then we remove things like go to assist or LogMeIn or or Splashtop, or whatever is out TeamViewer TeamViewer is a big one. Any desk all of these things get removed unless there’s a business need to have it. And then I’ve gone to into businesses and connected to the server and found four or five different remote access software. Some of the software the client wasn’t even aware was on the server. This is extremely dangerous as means somebody may have access to that device at that time. Disable macros scripts, commonly found in Excel but can also be found in Word and other documents. Other types of documents a common ransomware technique is to use macros scripts embedded in documents, configure your software settings to disable macros, from email attachments to prevent this type of attack. In fact, zero trust will prevent this from happening. But still go ahead and disable macros in your software. Implement intrusion detection systems IDs, for short, can monitor your network for suspicious behavior, and known malware signatures stopping ransomware attacks before they can lock your system. We this is a true story, we went into a new client. It’s a financial advising firm. And we set up our intrusion detection system. It does a little more than that, but we set it up. And within I don’t know an hour or two. One of their computers was found to have a backdoor. So somebody had access to their this particular computer. And it appeared at a ransomware attack was imminent, the computer was immediately blacklisted and blocked from everything blocked from the internet blocked from the network. And before we even called the client and so we called the client told them what was going on. Replace the computer. No damage no foul that we we know of we don’t know if data was stolen. But you know ransomware averted. Use content scanning and filtering on your mail servers. All inbound emails should be scanned for known threats and should block any attachment types that could pose a threat. And if you have certain levels of Microsoft 365 and or Google workspace, it’s done automatically. There are third party services that work over the top of it. If you’re using another email service provider, you’ll need to check with them to see if this is a possibility. But also a lot of malware scanners do this too. Before it gets to you use DNS filtering. We talked about this a minute ago with the firewall you can also do this with DNS filtering to block potential malicious and questionable websites. In some businesses go even further block social media gambling sites and things like that. Especially social media because social media could could contain phishing attacks. Implement a security policy businesses should develop a security policy that includes password management, you should have secure password policy meaning the more characters better upper lower alphanumeric numbers and special characters. So upper lower numbers and special characters I set off in America it’s a little redundant, and includes special characters use. So I’ll tell you what we what we do, we use a password manager. And then we generate random passwords, at least 20 characters. They’re stored in the Password Manager. And we don’t have to remember any of the passwords except for the password manager. And then, you know on top of that, also multi factor authentication. You can also use conditional access, if it’ll work. So it’s not always going to work. So if you have, you know, work remote people, a few allow work from home on certain days or things like that, it’s going to be a lot more difficult to implement. But if all of your work is done in one location, then you can implement conditional access, we have conditional access set up for a remote monitoring tools. So they cannot be accessed outside of the allowed IP addresses, email and internet usage. So there should be a policy for that. What are you allowed to do on with email and internet? And we’ve gone into multiple businesses now where they were using free Gmail accounts, AOL accounts, yeah, well accounts, things like that. for business purposes, with sensitive information, we shut that down immediately told them you need to use email on the domain, it is now a policy in those businesses. Also internet usage, you know, are you allowed if you’re not in marketing? should you really be on Facebook or LinkedIn or whatever? And the handling and storage of sensitive information? Are you encrypting your emails that contain sensitive information? Is the storage where it’s stored? Is it encrypted in case that device walks out of the building? If you have I wouldn’t recommend this. But if you did have information on a portable drive or a thumb drive, is it encrypted? Is your laptop or desktop? Did you have BitLocker turned on? Those are all the things that you need to check for. And BitLocker is free. I don’t know why more businesses don’t use it. So final thoughts we would would you leave your car and home doors open at night or when you’re away? So last night, as I’m recording this, my daughter left the back door of my car open all night came up this morning to bring my son somewhere and the door was wide open. Fortunately, nothing occurred and didn’t rain or bugs or animals were in the car and nobody stole my car. So we got lucky. But the doors open, your immediate thought is something bad is going to happen. If the door is unlocked, and I you know we lock everything at night when everybody’s home. Or when we leave, everything’s locked down. Right. And most people do this now. It’s not the 50s anymore. Crime is rampant and we have to protect our homes and our property. Well the same applies to your technology. Remember, there’s no foolproof way to prevent ransomware attacks however, however and its big however, implementing these best practices will significantly reduce your risk and make your business a less attractive target for cyber criminals. Simple thing like multi factor authentication reduces the potential reduces the likelihood that somebody will try to compromise you I mean if that’s turned on, and they’re still trying to to crack the code so to speak, then they really want to get it hackers are not hackers cyber criminals are there like water they’re going to take the path of least resistance so if you allow them in easily they’re going to take that opportunity and seize it if you make it more difficult than most are going to turn and look the other way. But not all it’s not foolproof so I think if you time these are our socials if you’re on Facebook if you’re on YouTube, or where have you seen this video, not the podcast but the video on I’ll clue occlude I will include a link to the video in the podcast notes. We are on Facebook, Instagram, LinkedIn and YouTube at unwashed check our website for the businesses in Washtech NW AJ tech.com and the podcast website is the human element.net. So, hope I hear from some of you. And until next time, stay secure